Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player
8926	2021-06-15 22:13	o.wbk 3b434e413f2d01c57af401e14b87336e RTF File doc AntiDebug AntiVM Malware download VirusTotal Malware MachineGuid Malicious Traffic Checks debugger exploit crash unpack itself Windows Exploit DNS crashed	1 Keyword trend analysis	1	7 Info ET INFO Executable Download from dotted-quad Host ET MALWARE Possible Malicious Macro DL EXE Feb 2016 ET MALWARE Possible Malicious Macro EXE DL AlphaNumL ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M1 ET POLICY PE EXE or DLL Windows file download HTTP ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M2 ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response		4.8	M	27	ZeroCERT

8927	2021-06-15 22:16	bmw.exe f7bd49ac1e676db8c9f2e3bbd5b03a75 PE File OS Processor Check PE32 VirusTotal Malware PDB unpack itself Windows DNS crashed					3.2		25	ZeroCERT

8928	2021-06-15 22:18	win32.exe a16db782cfe5e230ebf096ca3ff78037 AsyncRAT backdoor PWS .NET framework Admin Tool (Sysinternals Devolutions inc) Malicious Library AntiDebug AntiVM PE File .NET EXE PE32 VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Windows DNS Cryptographic key					8.0	M	22	ZeroCERT

8929	2021-06-15 22:20	3306.exe 369af7277751019de4e0a12b294d24de PE File PE32 Malware download VirusTotal Malware GhostRAT AutoRuns sandbox evasion Windows Backdoor DNS		1	2		4.2	M	61	ZeroCERT

8930	2021-06-15 22:23	vbc.exe bd75edbd6e80ceb4ebf356cda78263f1 AsyncRAT backdoor PWS .NET framework Admin Tool (Sysinternals Devolutions inc) Malicious Library SMTP KeyLogger AntiDebug AntiVM PE File .NET EXE PE32 VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Windows ComputerName DNS Cryptographic key crashed		1			9.6		21	ZeroCERT

8931	2021-06-15 22:25	svchost.exe 6572076bc21603b0612703e4dd2e1f67 PE File PE32 VirusTotal Malware RWX flags setting unpack itself DNS					2.4	M	35	ZeroCERT

8932	2021-06-16 08:13	svchost.exe 6572076bc21603b0612703e4dd2e1f67 Generic Malware Admin Tool (Sysinternals Devolutions inc) Malicious Packer PE File PE32 VirusTotal Malware RWX flags setting unpack itself					2.0	M	40	r0d

8933	2021-06-16 08:54	3306.exe 369af7277751019de4e0a12b294d24de Gh0st RAT Malicious Packer PE File PE32 VirusTotal Malware AutoRuns sandbox evasion Windows					3.6	M	61	r0d

8934	2021-06-16 09:03	CRTbrowser.exe dcfbe1432bfb588cec075420669d248d AsyncRAT backdoor PWS .NET framework PE File .NET EXE PE32 VirusTotal Malware Malicious Traffic Check memory Checks debugger unpack itself Check virtual network interfaces suspicious TLD Tofsee	1 Keyword trend analysis	2	1		3.6		49	ZeroCERT

8935	2021-06-16 09:04	updatetes.exe a4f1f7fe9de324bf060f44976d1e0d17 PE File OS Processor Check PE32 VirusTotal Malware PDB unpack itself Windows DNS crashed					4.0		43	ZeroCERT

8936	2021-06-16 09:06	Canaliculi.exe d5598c9448076b1dc59cb57d56a264f4 PE File OS Processor Check PE32 VirusTotal Malware PDB unpack itself Windows DNS crashed		1			3.2		24	ZeroCERT

8937	2021-06-16 09:06	serv.exe 6272467a49ad2e4de00757fcfd0366fe AsyncRAT backdoor PWS .NET framework Generic Malware Admin Tool (Sysinternals Devolutions inc) Malicious Library SMTP AntiDebug AntiVM PE File .NET EXE PE32 VirusTotal Malware Buffer PE PDB suspicious privilege Code Injection Check memory Checks debugger buffers extracted RWX flags setting unpack itself Windows DNS Cryptographic key crashed keylogger					10.8		21	ZeroCERT

8938	2021-06-16 09:08	Expense.exe b127f3a9da9a84ab311eeff6917b7bd6 PWS Loki[b] Loki[m] AgentTesla AsyncRAT backdoor .NET framework DNS KeyLogger ScreenShot DGA Socket Create Service Sniff Audio HTTP Escalate priviledges FTP Code injection Http API Internet API Steal credential Downloader P2P AntiDebug AntiVM PE F VirusTotal Malware PDB suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted WMI unpack itself Windows utilities Check virtual network interfaces suspicious process AppData folder WriteConsoleW Windows ComputerName DNS Cryptographic key DDNS crashed	1 Keyword trend analysis	3	1		13.8	M	23	ZeroCERT

8939	2021-06-16 09:11	app.exe 4da006c3ae2c486c41f3007a2b7f4782 NPKI PE File OS Processor Check PE32 VirusTotal Malware PDB unpack itself Windows DNS crashed					3.2	M	22	ZeroCERT

8940	2021-06-16 09:14	JoSetp.exe ed59308f9e2b59ec4195a99788cee8ee Gen1 AsyncRAT backdoor PWS .NET framework BitCoin AntiDebug AntiVM PE File .NET EXE PE32 DLL OS Processor Check Browser Info Stealer FTP Client Info Stealer VirusTotal Malware Cryptocurrency wallets Cryptocurrency AutoRuns suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted WMI Creates executable files unpack itself Collect installed applications Check virtual network interfaces AppData folder malicious URLs installed browsers check Tofsee Ransomware Windows Browser ComputerName DNS Cryptographic key Software crashed	13 Keyword trend analysis Info http://xalemiaind.xyz/ https://videoconvert-download12.xyz/api.php https://videoconvert-download12.xyz/ https://api.ip.sb/geoip https://iplogger.org/1vyFz7 https://iplogger.org/1p6br7 https://videoconvert-download12.xyz/api.php?getusers https://topnewsdesign.xyz/?user=bj2 - rule_id: 1776 https://topnewsdesign.xyz/?user=bj3 - rule_id: 1776 https://topnewsdesign.xyz/?user=bj1 - rule_id: 1776 https://topnewsdesign.xyz/?user=bj6 - rule_id: 1776 https://topnewsdesign.xyz/?user=bj4 - rule_id: 1776 https://topnewsdesign.xyz/?user=bj5 - rule_id: 1776	10	1	6	18.4	M	24	ZeroCERT